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REMARKS 

Claims 1-27 were presented for examination and were rejected. The applicants 
respectfully traverse. 

35 U.S.C. 103 Rejection of Claims 1-27 

Claim 1-27 have been rejected under 35 U.S.C. 103 as being unpatentable over 
Hitachi ID Systems Inc., Hitach ID Password Manager : Password Synchronization and 
Reset, "P-Synch Installation and Configuration Guide" (hereinafter "P-Synch") in view of 
SecurityStats.com, "SecurityStats.com Password Strength Meter" (hereinafter 
"SecurityStats.com") and further in view of the "One Look Dictionary" search engine 
(hereinafter "OneLook"). The applicants respectfully traverse. 

Claim 1 recites: 

1. A method for evaluating a password proposed by a user during an 
enrollment process, comprising: 

receiving said proposed password from said user; 

performing an Internet search using a query containing one or more 
keywords derived from said proposed password, wherein said Internet search 
searches contents of the Internet across a plurality of web sites using a 
search engine tool; 

evaluating results of said search relative to one or more predefined 
thresholds; and 

rejecting said proposed password when said user is correlated with 
said proposed password if one or more of said predefined thresholds are 
exceeded by said results. 

Neither P-Synch nor SecureStats.com nor OneLook teach or suggest, alone or in 

combination, what claim 1 recites — namely, the rejecting of a proposed password when 

the user is correlated with the proposed password. 
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The Office wrote in the pending action that P-Synch teaches an arrangement in 

which a password is rejected when a password is correlated with a proposed password: 

...evaluating results from a table lookup relative to one or more 
predefined thresholds (page 4, "4. P-Synch checks the new password...", cf. 
pages 124-126, but particularly those rules on page 126 as indicated); and 
rejecting said proposed password when said user is correlated with 
said proposed password if one or more of said predefined thresholds are 
exceeded by said results (Ibid). 

Office Action dated 1/24/2008, page 3 

The applicants respectfully disagree with the contention of the Office. The rules 
referred to by the Office involve the comparison of the user name and the password, and 
ensuring that the password is not derived from the user name. 

For example, user John Doe may have a user name "JDawg" and proposed password 
"Mary," after the name of his daughter. Under the password verification rules of P-Synch, 
the password Mary would be acceptable because the word "Mary" is no way derived from 
the word "jdawg." In contrast, according to the method of claim 1, the password "Mary" 
would not be acceptable. A search for "Mary Doe" in a specialized database, such as 
USSearch.com, can easily reveal that John Doe has a daughter named Mary. In accordance 
with the invention defined in claim 1, the proposed password "Mary" would be correlated to 
John Doe and rejected. (See, Specification at paragraphs [0030], [0039], and [0040] 
for support that the present invention encompasses searching for family members 
in specialized databases) 

In other words, the present invention seeks a correlation between the person of the 
user and his or her proposed password. 

The relevant password verification rules in P-Synch just prevent similarities in 
spelling between a proposed password and its corresponding user name . P-Synch does 
not teach or suggest, alone or in combination with the other references, "rules that 
employ(s) information extraction techniques to find and report relations between the 
proposed password and certain user in information that might make the proposed password 
vulnerable to attack." (See, Specification at paragraph [0056]) 

For these reasons, the applicants respectfully submit that the rejection of claim 1 is 
traversed. 
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Because claims 2-20 depend on claim 1, the applicants respectfully submit that the 

rejection of them is also traversed. 

Claim 21 recites: 

21. An apparatus for evaluating a password proposed by a user 
during an enrollment process, comprising: 

a memory; and 

at least one processor, coupled to the memory, operative to: 

receive said proposed password from said user; 

perfoml an Internet search using a query containing one or more 
keywords derived from said proposed password, wherein said Internet search 
searches contents of the Internet across a plurality of web sites using a 
search engine tool; 

evaluate results of said search relative to one or more predefined 
thresholds; and 

reject said proposed password when said user is correlated with 
said proposed password if one or more of said predefined thresholds are 
exceeded by said results. 

(emphasis supplied) 

For the same reasons as for claim 1, the applicants respectfully submit that the 
rejection of claim 21 is also traversed. 

Because claims 22-26 depend on claim 1, the applicant respectfully submit that the 
rejection of them is also traversed. 

Claim 27 recites: 

27. An article of manufacture for evaluating a password proposed by 
a user during an enrollment process, comprising a machine readable 
recordable medium containing one or more programs which when executed 
by a computer implement the steps of: 

receiving said proposed password from said user; 

performing an Internet search using a query containing one or more 
keywords derived from said proposed password, wherein said Internet search 
searches contents of the Internet across a plurality of web sites using a 
search engine tool; 

evaluating results of said search relative to one or more predefined 
thresholds; and 

rejecting said proposed password when said user is correlated with 
said proposed password if one or more of said predefined thresholds are 
exceeded by said results. 

(emphasis supplied) 
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For the same reasons as for claims 1 and 21, the applicants respectfully submit that 
the rejection of claim 27 is also traversed. 



Request for Reconsideration Pursuant to 37 C.F.R. 1.111 

Having responded to each and every ground for objection and rejection in the last 
Office action, applicants respectfully request reconsideration of the instant application 
pursuant to 37 CFR 1.111 and request that the Examiner allow all of the pending claims and 
pass the application to issue. 

If there are remaining issues, the applicants respectfully request that Examiner 
telephone the applicants' attorney so that those issues can be resolved as quickly as 
possible. 



Respectfully, 
Amit Bagga et al. 

Bv /Kiril Dimov/ 

Kiril Dimov 
Reg. No. 60,490 
Attorney for Applicants 
732-578-0103 x215 

DeMont & Breyer, L.L.C. 
Suite 250 

100 Commons Way 
Holmdel, NJ 07733 
United States of America 
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